<div dir="ltr">Hello all security experts,<br><br>I would like to export data from a machine on a business's internal network on a safe medium, such that only the files I want exported are on the medium. Specifically, I consider the possibility that the machine may already be infected by malware which adds business-sensitive data to all outgoing media, and would like to defend against such theoretical malware. The question may be limited to text files.<br>
<br>Things already considered:<br>* The medium is a CD, which will be written and then finalized. No USB devices.<br>* An artificial file will be added to the data file, to fill the media as much as possible. This, however, leaves a part of the disk capacity unused - the part used for the structure table (what used to be FAT), which is a place where additional data can hide.<br>
* The CD will be read in two different machines, with two different operating systems. One of the systems will be a bootable Linux disk, to preserve its (hopefully) initial not-infected status. The listing of files will be performed including hidden files (ls -la in Linux). The person who wrote the files will read them, to verify they contain the correct information.<br>
<br>Questions:<br>What else should I do?<br>What about a malware compressing the data, using the extra space for additional data?<br>If I compress the data to avoid further compression, how can the person verify it contains exactly what it should?<br>
What can I not defend against?<br>Are such malware as I imagine known? For Linux? Windows?<br clear="all"><br>Thanks for considering the problem,<br>-- <br>Orna Agmon Ben-Yehuda.<br><a href="http://ladypine.org">http://ladypine.org</a><br>
</div>
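<div dir="ltr">Added example, not part of the original message: one way to mechanize the listing-and-reading check from the third bullet is to compare the mounted disc against a reference directory holding exactly the intended files (including the filler file), reporting hidden or extra entries and any content change. The function names and the two-directory usage are assumptions made for this sketch, and it sees only what the mounted filesystem exposes, not data placed outside it.</div>

```python
import hashlib
import os


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so the large filler file need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> (kind, size, digest-or-target) for every entry.
    os.walk does not skip dot-files, so hidden entries are included;
    symlinks and special files are recorded by kind and never followed.
    """
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                manifest[rel] = ("symlink", 0, os.readlink(full))
            elif os.path.isdir(full):
                manifest[rel] = ("dir", 0, "")
            elif os.path.isfile(full):
                manifest[rel] = ("file", os.path.getsize(full), sha256_file(full))
            else:
                manifest[rel] = ("special", 0, "")
    return manifest


def compare(expected, found):
    """Return sorted (unexpected, missing, changed) lists of relative paths."""
    common = set(expected) & set(found)
    return (sorted(set(found) - set(expected)),
            sorted(set(expected) - set(found)),
            sorted(p for p in common if expected[p] != found[p]))


if __name__ == "__main__":
    import sys
    # Usage (hypothetical): verify.py INTENDED_DIR MOUNTED_DISC
    result = compare(build_manifest(sys.argv[1]), build_manifest(sys.argv[2]))
    for label, paths in zip(("UNEXPECTED", "MISSING", "CHANGED"), result):
        for p in paths:
            print(label, p)
```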